Summary: Stallman speaks about security, privacy, networks, and the NSA

TODAY’S part (fifth in thisseriesofinterviews) deals with several different topics that Stallman rarely speaks about publicly. The full transcript follows.

Dr. Roy S. Schestowitz: The next bunch of things I’d like to speak about is the data, showing whole data security, I mean, security from the point of view of the user, not security from the point of view of, you know, “national security”, which could mean just about anything.

Dr. Richard M. Stallman: I understand.

RSS: The repositioning of the datacentres and the location of datacentres that companies are selecting — what role do you think that plays in privacy?

RMS: Well, if you’re going to deal with a company and it’s going to get some personal information about you and that company’s servers are hosted by a US company — whether in the US or not — then that means that the US government can get all your information.

If a country wants to provide data protection to its citizens, part of their data protection must include not permitting that data to be searched in any way as part of the company’s operations, to have [...] fully reliable and cooperating data protection. So for instance, a European company should not be allowed to host its data on an Amazon server.

“…the encryption of a network hub is not something that you can depend on for your own privacy because, you know, if other people are getting on the network hub, they can listen to your packets too, so if you want to maintain your privacy, you do that with something else like communicating with SSH.” –Richard StallmanRSS: There was one case way back in 2008 or so, several of us European people and people in the FFII were trying to encourage the European Commission not to put Google Analytics in its Web site. That was a public service Web site which was providing, using JavaScript, a helluva lot of details about the European citizens accessing the site to a US company. I don’t think that’s being addressed sufficiently, even now a lot of the servers…

RMS: Well, you’re certainly right and I would suggest that if a Web page is set up so that it will provide information [to] these companies, that should be treated as legally equivalent to the case where the operator of that Web page explicitly sent the same data to [these companies] and of course in Europe that would bring the European data protection rules into play and that would say, “no, you can’t send this data to Google Analytics or to some advertising network or anyone.”

RSS: I want to also ask you about encryption. I’m not sure to what degree you’re into, into all these — I suppose this is an area that enthusiasts in the field of security are very much into — but several of us people are trying to find reliable encryption, ubiquitous encryption method…

RMS: Well, I can help you find that. I know how to use the GNU Privacy Guard. However, in order to use that you’ve got to have somebody’s public key. So that’s why I was wondering if when I go to the UK we might meet and then can I could get your public key.

RSS: We’ll probably come to it later, but in the UK we have this big scandal right now about spying on diplomats in the G8 summit and that’s probably something that Russia — I read about it today — Russia is apparently going to take some legal action over it as well as the NSA leaks. There was spying on people using, basically honeypots as access points, as a way in which it would connect to a wireless access point and of course even if people are using E-mail with SSL/TLS, I’m not sure to what degree this is safe. We know WPA — WPA2 even — is crackble. And…

RMS: Well, okay, the point is, the encryption of a network hub is not something that you can depend on for your own privacy because, you know, if other people are getting on the network hub, they can listen to your packets too, so if you want to maintain your privacy, you do that with something else like communicating with SSH.

Now, the relevance of encryption on the network hub — that’s not just a way of controlling who can use it. It’s very important for people to maintain Wi-Fi networks without any kind of password, because if you don’t, then you’re becoming an enforcer in the war on sharing. One way to resist the application of unjust laws such as the Digital Economy Act is by not having a key on your Wi-Fi network.

RSS: That increases the pressure through liability claims, so…

“Collective responsibility is the policy that says, if you don’t help keep everyone else subjected, we’ll punish you.” –Richard StallmanRMS: Of course, collective responsibility is the tool of tyrants. Collective responsibility is the policy that says, if you don’t help keep everyone else subjected, we’ll punish you. Right now the UK government is using the system of collective responsibility to divide people and turn everybody into an enforcer against everybody else, and that’s why it’s people’s duty to refuse to do it.

RSS: And I suppose the same…

RMS: …Wi-Fi that works without passwords, so that they refuse to enforce the system of unjust control on everyone else.

RSS: I totally agree with you and the same was said about the solidarity when it comes to encrypting E-mail. We should make it a standard thing to encrypt our E-mails although, to tell you the truth, I mean, all the encryption methods are based upon industry standards that are accepted at the other end of the line, so when you send somebody an E-mail you have to make sure they have the same decryption methods upon which…

RMS: Right. That’s why it’s difficult, in practice, to encrypt all our E-mails. We can encrypt E-mail with people that we know and have arranged to exchange keys with. But the other thing to point out is that encrypting E-mail doesn’t disguise any of the metadata, so the NSA can still track who sends E_mail to whom, even if the contents are encrypted.

RSS: And I suppose with all the mathematicians at the NSA — they seem to be hiring quite a few very skilled people who can do analysis on the encryption methods and…

RMS: They’ve been doing that since 19…

RSS: Fifty?

RMS: 1949 or so.

RSS: I think the NSA was only founded in 19…

RMS: Well, it wasn’t then called the NSA, but it doesn’t matter. You know, details like where it’s put don’t matter.

Later today I’ll be meeting Stallman in Oxford to get some video interviews done with him. This time the audio quality will be vastly better.

When Dr. Glyn Moody, another occasional author who writes for The Guardian found out about NSA book doors, he wrote the article “How Can Any Company Ever Trust Microsoft Again?” This article went viral and also got some translations. It makes similar points to the ones above. Anybody foolish enough to still trust Microsoft is simply deserving of the Darwin Award.

The news about Microsoft-NSA collusion received a lot of press coverage, including some in pro-FOSS sites, even in numerous different languages (I saw over a hundred headlines while researching the subject). This is really hurting Microsoft, which is struggling to spin what it just cannot denied. Not only was Microsoft shown to be colluding with the NSA (PRISM lists Microsoft as the first partner) but it also got caught lying to the public.

“Given what we know, surveillance just ought to be the expectation, not a theory or an hypothesis.”At this stage, anybody foolish enough to host anything on Microsoft Azure just simply deserves to be spied on. Given what we know, surveillance just ought to be the expectation, not a theory or an hypothesis. Canonical was stupid enough to end up aiding the criminals when it signed a deal with the devil (Azure). Then again, it’s not as though Canonical cherishs users’ privacy; it gives Amazon (hence the NSA) some data about users’ local searches — something which even Microsoft is not doing just yet (although other reports which Richard Stallman speaks of say that this has been going on for many years). Knowing that Microsoft uses faux ‘encryption’ with back doors, expect nothing to be secure. It’s just not designed to be secure, it’s designed to serve US “national security”, which basically means US interests — whatever they may be.

If anyone should be mad at the NSA for all the snooping that appears to be going on, it should be the Department of Commerce, not privacy advocates. The recent revelations are not a threat to national security so much as a threat to the national economy. And if I were Microsoft, I’d be having around-the-clock meetings to discuss how to fix what is about to happen.

Microsoft, despite denials, appears to be in bed with the NSA. Apparently all encryption and other methods to keep documents and discussions private are bypassed and accessible by the NSA and whomever it is working with. This means a third party, for whatever reason, can easily access confidential business deals, love letters, government classified memos, merger paperwork, financial transactions, intra-corporate schemes, and everything in between.

Anybody who puts GNU/Linux on top of Azure should not only expect to pay patent tax to Microsoft but should also expect government surveillance on everything. We know that storage servers as a whole, not just routers, have back doors. Free software and GNU/Linux are the way to go, provided there is no proprietary bug in the stack. █

Computer manufacturer HP has admitted that its StoreVirtual servers also contain an undocumented backdoor. The security vulnerability risks allowing attackers to gain unauthorised access to the storage systems. The backdoor provides users with direct access to the holy of holies, “LeftHand” (the operating system for the StoreVirtual server). HP has previously marketed its StoreVirtual systems as LeftHand Storage and P4000 SAN. LeftHand OS was originally called SAN/iQ.

Since we know that the NSA was cracking routers in China in order to eavesdrop or take control of network backbones (since 2009), this is noteworthy. The US has recently been paranoid about buying Chinese hardware (or hardware manufactured in China), based on NDAA clauses. In reality, it’s the US perhaps that should be feared (biggest spy bar none, just like its military).

I have worked with LeftHand devices before (it’s a fairly recent HP acquisition, costing $360 million in cash) and they’re like the backbone of storage in many enterprises and probably governments, too. It’s like a master key to many hard drives. If you control both network and storage backbones, you’re the jack of all trades and the master of the world.

Backdoor in US emergency alert systems

The US-CERT, which is part of the US Department of Homeland Security, warns that security-critical vulnerabilities in US emergency alert systems potentially allow attackers to switch off the systems or misuse them to broadcast arbitrary emergency alerts. The Linux systems are used at TV and radio stations in the US and enable the US government to interrupt ongoing broadcasts when there is an emergency. This is designed to allow the US president to address the nation within ten minutes.

The latter is unlikely to be a back door by design. The ramifications, however, are noteworthy. These systems are proprietary. █

Summary: Microsoft so upset that patent terrorism is not accepted by US Customs that it is filing a lawsuit and continues to pursue bans on Linux/Android

MICROSOFT has already sued numerous companies including Motorola over the use of Android. Microsoft later added lawsuits against Google, targeting Android again. That’s not even including all the extortion, back room deals, and lawsuits by proxy. Microsoft, as per the definition of terrorism, is now acting like some kind of a terrorist organisation, focusing solely on injuring the competition (by blackmail accompanied by threats) and not at all on creating a product. This has gone on since shortly after the Microsoft-Novell deal (or two years earlier).

The US ITC, which helps companies like Microsoft and Apple embargo Android devices, not so long ago helped Microsoft ban imports of Google Phone products. Quite rightly, US Customs officials are refusing to obey these ridiculous acts of extortion and guess what happens? The terrorist is suing them.

Microsoft Sues U.S. Customs for Failed Google Phone Ban

Microsoft Corp. (MSFT) accused U.S. Customs officials of refusing to follow a trade agency’s order to block imports of phones made by Google Inc. (GOOG)’s Motorola Mobility unit in a lawsuit that seeks to alter how such cases are handled.

The U.S. International Trade Commission in Washington issued the import ban in May 2012 after deciding that Motorola Mobility devices infringed a Microsoft patent for a way mobile phones synchronize calendar events with other computers. Microsoft’s lawsuit, filed yesterday in Washington, says that order isn’t being enforced.

If one actually wants to see what patents Microsoft uses against Linux and Android, look at the Barnes and Noble complaint (before Microsoft paid a hefty bribe for the complaint to be dropped). Software patents are hardly legitimate, certainly not at all in the vast majority of the world. Here is a thought-provoking post that Groklaw shared the other day:

I think you guys will want to see this extraordinarily interesting talk by Carl Hewitt on YouTube. He talks about the future of IP software — future as in when computers start filing patent applications. “If there is no principled way to distinguish computation from human thinking” — then what? Human thinking isn’t patentable. And if the meaning is a mathematical denotation, and mathematics is also unpatentable, what happens when computers are filing thousands and thousands of patent applications on all the patentable IP in the universe?

Groklaw should be commended for coming out in defence of Google and against software patents in recent years (more so than in prior years). █

Summary: ‘Retirement’ the dubious excuse for the departure of the head of Microsoft Office, a product which saw its market penetration declining in several quarters over the past few years

JUST shortly after the Xbox chief left (a couple of months before him the game chief had left) the head of the product most profitable in Microsoft is leaving, but this has mostly been missed due to the silly ‘reorg’ propaganda we predicted would come to distract [1, 2, 3]. Our Wiki about Microsoft helps show how the company declined in recent years because we are investigating rather than just relaying Microsoft’s own claims. Here is a timely reminder wrapped in PR:

Both Apple and Google now boast higher total market values than Microsoft.

Kurt DelBene will be retiring from Microsoft. “Kurt has been a huge part of our success in evolving Office to be a great cloud service,” Ballmer wrote.

Craig Mundie will devote 100% of his time to a special project for Ballmer through the end of this calendar year. Beginning in 2014, Craig will continue as a consultant through his previously agreed upon departure date at the end of calendar 2014.

Rick Rashid will step away from running Microsoft Research and move into a new role driving core OS innovation in Microsoft’s operating systems group. 9.

That first item is huge news, but it’s only a bulletpoint in number 8 of the points which are mostly fluff, marketing, and other nonsense. This basically says that a man who is only 52 is ‘retiring’. Sounds like damage control and nonsense, as it wouldn’t be the first such example. Gates too claimed he was ‘retiring’. █

Summary: Gates is further expanding his war on seed freedom, promoting instead — in very nefarious ways — a GMO (genetically-monopolised ownership) agenda from which he derives great profit

THE Gates Foundation is hungry. It is hungry for more power and wealth and it is trying hard to make billions by investing in genetically-monopolised crops. The marketing strategy is to pretend it’s about curing people’s illnesses and/or ending hunger. In reality it’s about introducing higher cancer risk and making food more expensive, hence harder to acquire.

“It is rule/reign by proxy, relaying Gates’ policies for his investments.”AllAfrica, which Bill Gates has bribed to promote his agenda in Africa (this is a large hub of articles, some say the largest in the continent) published the puff piece “Gates Foundation to Build Standard Biotech Lab in Nigeria” and a similar ‘article’ (more like PR, maybe ghost-written by the peripheral PR agencies) repeats just talking points without doing any investigation. It says: “The Bill and Melinda Gates Foundation, an independent and Non-governmental Organisation, has concluded arrangement to build a standard biotechnology laboratory to help build human capacity in national programmes in Nigeria and Africa as a whole.”

Africa as a whole. Got that?

It is rule/reign by proxy, relaying Gates’ policies for his investments. Here is one part which echoes Gates’ henchman: “My mission in Nigeria as mandated by Bill and Melinda Gates Foundation is to see the possibilities of empowering Nigeria: the National Systems, Programmes in Nigeria, to have the capacity to use biotechnology laboratory technologies for crop improvement”.” Guess who pays this man’s wage. With a black face, a lot of people will fail to spot the ringleader and the foreign profiteer.

These people don’t seem to mind the fact that Gates is causing polio in Africa, for profit, through malicious corporations that exploit Africans and harm their health for improved revenue (notably Shell). To them, Africa is an opportunity not just because it has vast oil reserves underground but also because it can be extracted from the ground while causing great pollution (smoke, leaks) without incurring the wrath of lawyers. The same goes for clinical trials (drug experimentation on humans in large numbers, without the threat of litigation).

“The whole idea is to monopolise people’s food even in less Americanised nations.”They keep printing the lie that Gates is working to end polio, giving him credit for other people’s work.

While this plutocrat puts his money in abusive oppression we also see further confirmation that confidence in GMO is somewhat low. “According to Nation Of Change,” says this report, “in an article dated July 6, Bill Gates his foundation are preparing for doomsday by having a seed vault built in a permafrost mountain of Norway. Specifically in the on the Norwegian island of Spitsbergen, which is part of the group of islands known as Svalbard. For those of you that do not know much about Mr. Gates here is a small run down of him according to news reports and articles available internet-wide. Mr. Gates is not only the creator of Microsoft and one of the world’s, if not THE world’s, richest man. But he is also known for funneling tons of money into the genetically modified food (GMO) realm.”

Yes, so sure about the value of GMO that they have a backup vault, eh? But that’s not the full story, as the main issue with GMO is the patents. The whole idea is to monopolise people’s food even in less Americanised nations. And Gates invests in this agenda (profit) while lobbying for it under the guise of “doing good”. We are not going to delve into research about pesticides, cancer, soil toxicity, etc. because it’s not our subject of interest (patents are more relevant to us), but for those who wish to know about GMO, there are plenty of good resources all over the Web and in published literature. Techrights has already covered GMO in African in some of the posts below. █

Summary: A look at some of Gates’ latest attempts to profit from a colossal public service, including new examples of PR and payouts

The Gates Foundation keeps trying to bribe schools to help its privatisation agenda (Gates invests in companies that would profit from it). Here is the latest large bribe. To quote a report: “School officials revealed it is the recipient of a $1.2 million “Smart Spending” grant from the Bill & Melinda Gates Foundation. $850,000 comes from the foundation and a local match, primarily from the Great Schools Partnership, will cover the rest.” What is this latter group and what is it aspiring to achieve? Gates already bankrolls dozens if not hundreds of AstroTurf groups in the schools market (yes, to him its a market, subsidised by taxpayers). We previously covered Teach For America (TFA), one of Gates’ bigger astroturfing groups. We mentioned it recently because it's back in action and this site complains about it. To quote: “Tim Wise specializes in talking to white people about racism. Teach For America is a major player in the elitist and racist scam to privatize public education, supplying mostly white grads of elite colleges as ghetto teacher temps.”

“This ‘charity’ is often doing the exact opposite of charity.”From the comments: “To believe modern education reform is looking out for minorities, you have to believe that all of a sudden, the Walton’s, Gates, Koch’s and A.L.E.C. All have th best interests of poor people in mind, when they have taken advantage of them in every other single realm of society.”

Remember that Gates was funding ALEC [1, 2]. This ‘charity’ is often doing the exact opposite of charity.

The above link came from Metacode and coincidentally we see the teachers’ blog we love so much complaining about FTA again, seeking to “Amplify the voices of those negatively impacted by TFA in their schools and communities” (using a Microsoft/NSA surveillance tool, Skype, to organise).

As always, Gates keeps working on some PR stories to portray himself as helping students and helping children. When you hurt them all so badly for private gain (profit) and corporate indoctrination you may rightly wish to deceive the public. It is easy to do this when you literally buy a lot of the relevant media, including blogs. █